Professional Documents
Culture Documents
The standard
The OHSAS 18001 Standard 4.5 Checking
OHSAS 18001 is an international management 4.5.1 Performance measurement and
system standard developed with input from monitoring
international companies, cooperating National 4.5.2 Evaluation of compliance
Standards Bodies and registrars including DNV 4.5.3 Incident investigation, nonconformity,
GL . The standard consists of a Foreword corrective action and preventive action
section that includes scope, definitions, 4.5.3.1 Incident investigation
reference 4.5.3.2 Nonconformity, corrective action and
publications and the auditable management preventive action
system requirements. It also includes an
4.5.4 Control of records
informative Annex and Bibliography sections.
4.5.5 Internal audit
The structure of the OHSAS 18001 standard 4.6 Management Review
The structure of OHSAS 18001 is complimentary
to the clause (element) structure of ISO 9001 Basic Description of the OHSAS 18001 clauses
and ISO 14001. (elements)
(Note: OHSAS 18001 has not been updated
to reflect the new clause numbering and 4.1 General Requirements To establish and
nomenclature of ISO 9001:2008 and ISO maintain a management system that ensures
14001: 2004.) conformance to the standard. This should help
provide for regulatory compliance.
The Requirements of OHSAS 18001
4.2 OH&S Policy In the terminology of OHSAS
18001, the policy is meant to establish an overall
4.1 General Requirements
sense of direction and define the principles of
4.2 OH&S Policy
action for an organization. This includes stating
4.3 Planning overall health and safety objectives, and a
4.3.1 Hazard identification, risk assessment commitment to at least comply with applicable
and determining controls legal requirements and other requirements to
4.3.2 Legal and other requirements which the organization subscribe that relate
4.3.3 Objectives and program(s) to its OH&S hazards, prevention of injury and
ill health and continual improvement in OH&S
4.4 Implementation and Operation management and performance.
Requirements
4.5.4 Control of records The organization Some direct benefits to employees and to
must maintain records and manage the financial bottom line of the organization
them, as appropriate to the standard which have been reported include:
and its own systems, to ensure that the
documentation is properly categorized, Reductions in downtime and associated costs
traceable to the pertinent activities, is Recognized demonstration of legal and
legible and protected. regulatory compliance
4.5.5 Internal audit -- The organization Increased access to new customers and
should review and continually winning additional work (especially with
monitor the effectiveness of its OH&S governmental agencies)
management system through periodic Reduction of public liability insurance costs
internal audits. Reductions in the number of incident reports
4.6 Management ReviewTop management (i.e., OSHA reportables) for several
must conduct reviews of the OH&S consecutive periods
management system. This includes assessing Due to the results achieved, certain organiza-
the system for continual improvement tions top management have justified direct re-
opportunities, effectiveness, and suitability, bates to employees for safety shoes andother
etc. safety equipment, and existing PPE was often
enhanced.
Should OHSAS 18001 certification be a part of Procedures were updated to reflect current
my companys business plans? practices; Records were maintained and
There are costs associated with implementing standardized, which resulted in a more reliable
an OH&S management system in conformance reporting system and more meaningful data.
to OHSAS 18001. If companies make this All employees or those working on the or-
investment, then it is extremely important that ganizations behalf have been trained and/
they are able to derive positive benefits and a or refresher training has been provided, and
financial return on that investment. training has been extended into new em-
ployee orientation programs. Evacuation drills
There are basically four reasons why any were held as well as specialized training in
organization would consider OHSAS 18001 CPR, proper fireextinguisher use, spill cleanup,
certification: pollution prevention, and conservation of en-
ergy and resources.
1. Minimize health and safety risks to Turnover rate has decreased. Your answers or
employees and others responses to the benefits described above
2. Improve business performance should provide you with a strong basis to
3. Assist organizations in establishing make an informed decision as to whether OH-
a responsible image within their SAS 18001 should be in your companys plans.
marketplace or industry sector One thing is key, if based on the responses
4. Ensure an impartial, credible assessment to the above, you make a determination that
of the OH&S management system OHSAS 18001 should be in your companys
future, put plans in place to do it at your own
speed--- not someone elses. Do not wait until
your best customers, a governmental agency
or an industry association, give you an or else
ultimatum requiring you to be certified in six or
nine months in order to continue to do busi-
ness with them.
06 SELECTING A REGISTRAR What is OHSAS 18001 and should I care?
Selecting a Registrar
initial visit.) The size of the audit team and the
What does OHSAS 18001
duration of the on-site audit are a function of the
registration/certification require?
number of employees within the scope of the
Registration requires evidence of
audit, and the type and number of hazards and
implementation of OHSAS 18001 requirements,
the risks associated with the organizations
which includes: Procedures and records to
activities. Typically, two people would be
maintain compliance to applicable laws,
required to conduct the OHSAS 18001
commitment to continual Requirements
certification audit.
improvement (in a broad sense), and
commitment to prevention of accidents and
During the stage one audit (initial visit), the
incidents. The decision to actually certify an
audit team will check that the company has
organization to OHSAS 18001 will be dependent
identified all of the applicable federal, state
on the specific business goals that the company
and local OH&S requirements, statutes and any
has in conforming to the standard as well as
other requirements to which it subscribes. The
the market and public context in which the
effectiveness of the management review
company operates. For some companies,
process for identifying and defining hazards
independent, third-party certification may be the
and risks will also be evaluated. A review of
most beneficial option. For example, companies
how the significance of the identified hazards
selling products to markets in Europe or to
and risks is determined will also be conducted.
governmental agencies might face
Since OHSAS 18001 is based on a Plan-Do-
considerable pressure to obtain third-party
Check-Act model, the stage one audit of the
certification.
OH&S management system is focused on
ensuring that the plan aspect of the model has
However, even in Europe, companies should not
been effectively implemented. Areas of non-
presume certification will be necessary. It is very
conformity will be noted and corrective actions
important to understand that either third-party
may be required.
certification or self-declaration may be options.
Third-party certification may or may not be
The stage two audit (certification audit) is
mandated by the suppliers customers.
typically scheduled 4 to 6 weeks after the stage
one initial visit audit. The focus of stage two
Has there been acceptance of the OHSAS
audit is the do, check, act parts of the model.
18001 standard?
The auditors are seeking to objectively verify
While there is no accurate count of the
that the organization adheres to its OH&S policy,
number of certificates issued, the OHSAS
objectives, and procedures as they directly
18001 standard has been accepted and
relate to the requirements of OHSAS 18001.
adopted by businesses in many countries
The actual recommendation for certification to
throughout the world.
OHSAS 18001 is based on objective evidence
that the OH&S management system is in
What is the OHSAS 18001 certification process?
conformance with OHSAS 18001, and that
The basic steps to certification involve an
the organizations associated internal OH&S
independent evaluation (audit) by an external,
procedures are implemented and maintained.
unbiased company i.e., the OHSAS 18001
Ultimately, certification depends on whether or
certification body or registrar. Generally
not any major and/or minor non-conformances
speaking, a document review and a two stage
were issued by the auditor against the OH&S
on-site audit process are typical steps that
management system.
must be undertaken by an organization toward
achieving OHSAS 18001 certification. (An
optional pre-assessment may be selected in
addition to the two stage audit. This can be
conducted in conjunction with the stage one
What is OHSAS 18001 and should I care? SELECTING A REGISTRAR 07
How long does it take and how much will it cost? Areas to consider when evaluating registrars:
The time required to implement an OHSAS 18001
compliant system is a function of the size of the Technical competencies
company, the number of people involved under Interpretation of the standard and overall
the scope of the certification, the complexity of philosophy
the processes, the sector in which the company Price
operates in, the number and significance of the People factors
identified hazards and risks, and the degree to
which the existing OH&S management system Technical competencies
meets the requirements of the standard. A typical Most registrars that are accredited have very similar
time line for implementation is six to twelve months. technical competencies. These competencies are
Certification costs, that is, those fees paid to the defined and are mandatory requirements of the
registrar, are small compared to the overall internal accreditation bodies or the professional standards
costs of the development and implementation body. The rules that registrars operate under
of the OH&S management system. The registrar are largely governed by what is known in the
fees are a function of the audit days required to certification industry as accreditation bodies. Most
verify conformance to the standard, which in turn of the countries that have adopted or accepted the
is a function of the hazards and risks associated OHSAS 18001 standard have their own national
with the organizations activities and the number accreditation body. In the U.S. that body is
of employees and sites, etc. Most registrars will the American National Accreditation Board
provide a no obligation costs quotation on request. (ANAB formerly the RAB). Having management
system accreditation by ANAB, RVA or another
Selecting a Registrar accreditation body is an important attribute when
If you are planning on becoming certified to OHSAS selecting a registrar and a key factor in making
18001 or another accredited management system your initial short list of candidates. In order to
standard, the selection of your certifying body is become accredited a registrar must undergo
an important decision. Everything being equal, this a rigorous audit and review process. However,
is a relationship that will be in place for a very long registrars accredited for OHSAS 18001 in order to
time. That is why it is so important that your choice maintain their accreditation, are subject to ongoing
is one which will provide you with a partnership surveillance audits and other formal requirements
approach to certification, provide you with value- to ensure the quality of their services and for the
added services and result in a certification that is maintenance of technical competencies. Not all
recognized and accepted by your customers and accredited registrars are created equal. There are
prospects. In the OHSAS 18001 marketplace there considerable differences between them that should
are a large number of registrars offering certification be assessed before a selection is made.
services. It is an unregulated market - that is,
anybody can set themselves up as an OHSAS 18001 Interpretation of the OHSAS 18001 standard and
registrar, perform audits and issue certificates. It is the overall philosophy
very much a buyer beware market place. So how There may be variances in how registrars interpret
do you go about making an informed decision the OHSAS 18001 standard and/ or their general
when selecting your registrar? audit philosophy. As examples, are they auditing to
the letter of the standard or do they adopt a more
If you call several companies and ask a series of pragmatic approach of auditing to the intent of the
challenging questions - What was your experience standard? What kind of customer service response
with XYZ registrar? What impressed you most about can you expect if you select a particular registrar?
the registrar? What did you least like about your What is their track record on customer satisfaction?
dealings with them? Would you recommend them What experience does this particular registrar
to others? If you ask these questions of six or seven have in your industry sector, how many certificates
companies, you will get a pretty good picture of the have they issued to businesses like yours? These
overall character and the philosophy of the registrar. questions are best answered by talking to clients
Everything being equal, this is a relationship that who have selected and become certified by the
will be in place for a long time and it is therefore registrar that you are considering.
imperative that you make a decision based on
sound information.
08 SUMMARY What is OHSAS 18001 and should I care?
Summary
Reference accounts are fine but are generally an informed decision? When making a registrar
selected or pre-screened by the registrar. selection price is important but should not be
A more effective and potentially unbiased your primary selection criteria. If you make a
approach is for you to make the customer decision based solely on price you are probably
selection yourself. If a registrar is accredited they making a decision that you may regret later.
are obligated to produce and maintain a list of Certification is a free market service. This means
all companies that they have certified. The list that there is no requirement for a registrar to be
may be in hard copy or part of their web page. accredited (some industry specific standards
Obtain access to the list and then pick six or may require accreditation.) If a registrar is
seven certified companies. Select companies unaccredited, there are no rules or requirements
which are either in similar businesses to yours for auditor training and qualifications, industry
or which are geographically close to you or just or work experience, the methodology for the
select companies whose judgment you trust. certification process and more.
They will give you a pretty good indication where Why partner with DNV GL?
the registrar is on the Driven by our purpose of safeguarding life,
people factor scale: property and the environment, DNV GL
enables organizations to advance the safety
What was and has been the response to your and sustainability of their business. DNV GL is a
requests? leading provider of classification, certification,
Were the responses timely? verification and training services. With our origins
What was the general attitude of the people stretching back to 1864, our reach today is
you had to deal with? global. Operating in more than 100 countries, our
Do they really act like they would want and 16,000 professionals are dedicated to helping
work to keep your business? our customers make the world safer, smarter and
Are these the kind of people that you would greener.
look forward to having a long term business
relationship with? As a world-leading certification body, DNV GL
helps businesses assure the performance of their
organizations, products, people, facilities and
Summary supply chains through certification,
Selecting an OHSAS 18001 registrar is an verification, assessment, and training services.
important decision, everything being equal, it is Partnering with our customers, we build
a relationship which will, ideally, be in place for a sustainable business performance and create
long time. Taking the time to evaluate registrars stakeholder trust.
based on the above criteria will be a good
investment of your time and money. *Risk Based Certification is a registered EU
trademark of DNV GL AS.
As a world-leading certification body, DNV GL helps businesses assure the performance of their organizations, products, people,
facilities and supply chains through certification, verification, assessment, and training services. Partnering with our customers, we build
sustainable business performance and create stakeholder trust.
DNV GL - Business Assurance 1400 Ravello Katy, TX Tel: 1-877-368-3530 Version 05.14